3aIT Blog

You may have heard the term DDoS attack (or sometimes just DoS) in relation to issues with various internet-based services (websites, VoIP, etc.). What does this actually mean?

DDoS stands for "Distributed Denial of Service". While this sounds very complicated, it isn't really. When a service is taken down by such an attack, all this means is that someone is maliciously directing huge amounts of web traffic at a service to the point that it becomes overwhelmed.

That covers the "Denial of Service" bit. "Distributed" means that this traffic is coming from multiple sources. Usually, this involves an attacker directing huge numbers of compromised machines around the world at the service they have decided to target. The users of these machines will likely be unaware that their machine is being used in this way.

This further reinforces the need to always be wary when using the internet. There was a time when viruses just did as much damage to a machine as they could. However, these days, it's much better for the attacker if the user is unaware that their machine has been hijacked (money-making schemes like CryptoLocker aside). If the user is aware there's something wrong with their machine, they'll do something to fix it. However, in DDoS attacks, millions of otherwise functioning machines (collectively known as a "botnet") can be used again and again to cause chaos without the owner's knowledge.

There can be as many as 2,000 separate DDoS attacks every day, and 1/3 of downtime is attributed to such attacks. As you would expect, initiating such attacks is illegal in most parts of the world. However, due to the nature of the attack, it can often be complicated to track down the culprit.